Debian Package Tracker

From: Alessandro Ghedini <ghedo@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted curl 7.38.0-4+deb8u6 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Sun, 08 Oct 2017 11:32:28 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Oct 2017 12:05:13 +0100
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc
Architecture: source amd64 all
Version: 7.38.0-4+deb8u6
Distribution: jessie-security
Urgency: medium
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description:
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-doc - documentation for libcurl
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Changes:
 curl (7.38.0-4+deb8u6) jessie-security; urgency=medium
 .
   * Fix TFTP sends more than buffer size as per CVE-2017-1000100
     https://curl.haxx.se/docs/adv_20170809B.html
   * Fix URL globbing out of bounds read as per CVE-2017-1000101
     https://curl.haxx.se/docs/adv_20170809A.html
   * Fix FTP PWD response parser out of bounds read as per CVE-2017-1000254
     https://curl.haxx.se/docs/adv_20171004.html
Checksums-Sha1:
 2d623c1ddca580881d7d17557237613a9abb171a 2669 curl_7.38.0-4+deb8u6.dsc
 7dc9eae67c6d62057064f78ebd2a2ea824fc4fd2 42064 curl_7.38.0-4+deb8u6.debian.tar.xz
 e8fafa71533e279c9388d3436f9e5b2f54d50b73 200684 curl_7.38.0-4+deb8u6_amd64.deb
 dfe68c256f9095f9bc32677c1b5a8b6a9b12d651 259880 libcurl3_7.38.0-4+deb8u6_amd64.deb
 ace4b756491842a62e618900e71645297a003e82 251730 libcurl3-gnutls_7.38.0-4+deb8u6_amd64.deb
 117f6f643b8ffd72746348c8ea895f4e43e13351 263428 libcurl3-nss_7.38.0-4+deb8u6_amd64.deb
 845499af568e3210f94d6d90bd3bd1a092eea338 337344 libcurl4-openssl-dev_7.38.0-4+deb8u6_amd64.deb
 7b9915502757478237f1db14d188464b84b256d9 328638 libcurl4-gnutls-dev_7.38.0-4+deb8u6_amd64.deb
 fb59ea39f144a70a5658bd25ccbe7e102f0201a4 341080 libcurl4-nss-dev_7.38.0-4+deb8u6_amd64.deb
 8dadf81b4ce4818bb999af3024b89d16bd20b75e 3368496 libcurl3-dbg_7.38.0-4+deb8u6_amd64.deb
 b2d822652facc3282134cd44dfad9626d1d27267 1066564 libcurl4-doc_7.38.0-4+deb8u6_all.deb
Checksums-Sha256:
 ed599fd1b78609ab0d91125d095ce88c8bfece997cece225cdec251c888766cd 2669 curl_7.38.0-4+deb8u6.dsc
 16a861a007d3ea6db80608bf6b27221f9cdc9bf0ee0b931c32971014d5cd2863 42064 curl_7.38.0-4+deb8u6.debian.tar.xz
 400884671f1c471820a0a5f4628e7b9eeac881f5b2c1e0cfb83907bc619ad105 200684 curl_7.38.0-4+deb8u6_amd64.deb
 922d0612ec1b854d0edc562798e8e95a7e816338a535d1ecf56beb9da0d95aee 259880 libcurl3_7.38.0-4+deb8u6_amd64.deb
 27efbdbbff7700d74aa7b10904685811f9eb764e847420b5b0c44545aa868b1f 251730 libcurl3-gnutls_7.38.0-4+deb8u6_amd64.deb
 daa2a4dffd068a0d80067c664deb6a44b9f2d7377fbd14efc603470797a5e3a2 263428 libcurl3-nss_7.38.0-4+deb8u6_amd64.deb
 6410b022ab8eafbf167305514a0fb05c9cecf744804f126db671e1447342e497 337344 libcurl4-openssl-dev_7.38.0-4+deb8u6_amd64.deb
 d5d6833150bc5267b6d2e36cb1e8cec7652497654fc2151dfe48be278072a7c3 328638 libcurl4-gnutls-dev_7.38.0-4+deb8u6_amd64.deb
 0fa5a20cb97ce80165e994c4339f0ee7771b45ac8201a2289d1c11a6e0255452 341080 libcurl4-nss-dev_7.38.0-4+deb8u6_amd64.deb
 691b98735b205e85878bbf00b2359ea77e1bfc8a8be2ea8d3ee002cc812bab0f 3368496 libcurl3-dbg_7.38.0-4+deb8u6_amd64.deb
 04e9dc5498ae046fa908d675578992f3aa26b1de11def12b2214ef78446fb273 1066564 libcurl4-doc_7.38.0-4+deb8u6_all.deb
Files:
 48e5948ee993ea9df7b64e298b7790c6 2669 web optional curl_7.38.0-4+deb8u6.dsc
 67bb55b1b5b579982ebbb691d5f2677d 42064 web optional curl_7.38.0-4+deb8u6.debian.tar.xz
 eca2a3c03b87527a9d0838bdf4867302 200684 web optional curl_7.38.0-4+deb8u6_amd64.deb
 90ca4c2d5baa9fda3323b4c03485df6a 259880 libs optional libcurl3_7.38.0-4+deb8u6_amd64.deb
 715a48352d54fca5c5e0104d8394d73f 251730 libs optional libcurl3-gnutls_7.38.0-4+deb8u6_amd64.deb
 c56dcf284a865f1050fc9a538a2b6980 263428 libs optional libcurl3-nss_7.38.0-4+deb8u6_amd64.deb
 bbf34ffaf274a4b55fc91759da2a0176 337344 libdevel optional libcurl4-openssl-dev_7.38.0-4+deb8u6_amd64.deb
 9896b8ba22ca3217badff3f57da2b125 328638 libdevel optional libcurl4-gnutls-dev_7.38.0-4+deb8u6_amd64.deb
 ce7b22287df15f08277cc79d0869a2d0 341080 libdevel optional libcurl4-nss-dev_7.38.0-4+deb8u6_amd64.deb
 c9fce8d36174a9279bab12861f800a19 3368496 debug extra libcurl3-dbg_7.38.0-4+deb8u6_amd64.deb
 01db9325ae8ac23bd1edf353cbb1adab 1066564 doc optional libcurl4-doc_7.38.0-4+deb8u6_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlnQ8doACgkQbwzL4CFi
RygQ9Q//bKufVzS5F/GlpDSnmNJT7cwYz3NiaL80S/G6o0F43lVgysmOImzJ73fH
sjTgZmZNIvx1BptRTyoW2d9vhqOBZHytqOuX7fVZ6bBN3b8zX5PgyVynZD/HqzBG
MaLIdvk3E9My0DNrRjlqE+FAiDVWy38ngAci/4Bu8k5zEq+RTZ/QnB9EejFzUm88
sdXN5zWfPD6KLRoONEqMLNQ927Ph6Xlmau4i6Wdp4L/kSBzvdXs5TGpZwZXIJo/l
s9zBgRosJKdJUSrQLEFifMWMaPjKvawC5On/IkYGUTPclgYyVqJQUfETRYzLC3EK
ty3w1tXkFb4VGXm5H5Z0Eq2W6BU7fheqWOIjizthzpCVAuOJbFdaUTTcwQUrDG2O
/NpmvhA2e4hdhKJKyE3ZFP+yIzqvWBlnCEeNH/d3e84ZkDo8e1CbLr91xBcTPmx8
MQ0lKwAP3XfsJ2l9osEn8hrhg0X+2kzsEda/VXM8XGP+nY2hO6Nc8P/q52qUYznl
PQbvn9WoA0Qho9iMiyed7MW0C4vGkrNt7Nf6ZT4v9NPG/CIwhUHe3uKBL2iLYIaA
oZV5Vt+ZZuUvJEdywXWP1tu9JvDMs3ETJA0BCYJ6dqJkT0iskHe0nsCNrNUs9Oap
jwC23vBy7zzSZdrOSJlr4+rdGtu/aWspcYzr9PjAdrhOI3usvRg=
=ChO9
-----END PGP SIGNATURE-----
News for package curl
